2. Policy Implementation

1. Policy Development 2. Policy Implementation 3. Operations
4. Compliance
5. Oversight 6. Redress
7. Outreach 8. Coordination 9. SME
  10. Training  

Information Sources and Labels

Ensuring that the public's PII is protected requires that the fusion center handle PII and Sensitive PII appropriately. One technique to ensure adequate protection of PII and other information that a fusion enter may collect is to appropriately label the information. Ensuring that information can only be accessed by individuals who have a reason is another way to protect the public.

Information Sharing and Dissemination

In order to ensure that privacy concerns are addressed prior to the dissemination of products and bulletins (2pp | 3mb | PDF), the P/CRCL Officer should develop procedures for P/CRCL protections. Some examples of procedures that a P/CRCL Officer could implement include periodic training, product review, and oversight of nondisclosure agreements.

A P/CRCL Officer should periodically review information collected and/or gathered by analysts and purge information that is no longer needed or expunge information that violates an individual's civil rights or civil liberties.

Reviews new or enhanced programs for privacy issues

A P/CRCL Officer should have a basic understanding of authentication and role-based credentials. Having a background in these, as well as other technology issues, will allow you to ask the right questions when your fusion center is considering utilizing a new IT systems and other technologies.

Use the Privacy Impact Assessment (PIA) and the Guide to Conducting PIAs for State, Local, and Tribal Information Sharing Initiatives (38pp | 1mb | PDF), as tools to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system.

Start by consulting the Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities (60pp | 2.3mb | PDF). It provides a framework with which to examine the privacy implications of information systems and information sharing collaborations so that policies address the vulnerabilities identified through the assessment process. The guide's template is designed to reflect the same policy concepts as those recommended in the Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (194pp | 13mb | PDF).

The DHS Privacy Office also offers PIA Guidance (40pp | 447kb | PDF) and a PIA Template (19pp | 229kb | PDF) that will provide a model to draft an assessment for your fusion center.

P/CRCL in IT Systems

The Global framework document, Implementing Privacy Policy in Justice Information Sharing, (115pp | 2.3mb | PDF) was developed for technical practitioners to provide guidelines for supporting the electronic expression of a privacy policy and how to convert a privacy policy so that it is understandable to computers and software.

The DHS Privacy Technology Implementation Guide (36pp | 358kb | PDF) and Global's Fusion Center Technology Resources Road Map (18pp | 1.4mb | PDF) are a general guides for technology managers and developers to integrate privacy protections into operational IT systems. Specific information on Justice Agency Use of Biometrics (4pp | 591kb | PDF) and Information Quality Risk guidance has been developed to guide your use of this specialized technology.

Training, Business Process, and Systems Design

Similar to developing a Privacy Impact Statement, you should draft and implement a Civil Liberties Impact Assessment (CLIA). Developing a CLIA will assist in ensuring that your fusion center has a meaningful plan to address potential civil liberties issues.

Job aids, manuals, and handbooks can be useful tools for fusion center personnel implementing privacy policy language in daily operations. For example, the DHS Handbook for Safeguarding Sensitive Personally Identifiable Information (30pp | 1.4mb | PDF) sets minimum standards for how all personnel should handle sensitive personally identifiable information (sensitive PII) in paper and electronic form during their everyday work activities at DHS.

A variety of resources exist to provide general implementation guidance. Practical Implementation Resources are available by clicking on the different categories. The ISE Key Issues Guidance (54pp | 480kb | PDF) document provides a comprehensive overview of Privacy Guidelines in the ISE. Best practices and success stories on implementation can also provide ideas for how to best implement your fusion center's P/CRCL Policy.

Source: The DHS Office for Civil Rights and Civil Liberties and the DHS Privacy Office.
Last date page updated: 08/13/13 (CRCL)

Back to Home